Drydock
Open source container update monitoring — 23 registries, 20 notification triggers, audit log, OIDC auth, Prometheus metrics, and a modern dashboard.
Install / Use
/learn @CodesWhat/DrydockREADME
<div align="center"> <picture> <source media="(prefers-color-scheme: dark)" srcset="docs/assets/whale-logo-dark.png" /> <source media="(prefers-color-scheme: light)" srcset="docs/assets/whale-logo.png" /> <img src="docs/assets/whale-logo.png" alt="drydock" width="220"> </picture> <h1>drydock</h1>[!IMPORTANT] Trivy Supply Chain Compromise (GHSA-69fq-xp46-6x23): Drydock is not affected. We do not use the compromised GitHub Actions, the bundled Trivy binary is pinned to a safe version (v0.69.3), and all CI actions are SHA-pinned. No compromised code was ever pulled or shipped. Full advisory →
Open source container update monitoring — built in TypeScript with modern tooling.
</div> <p align="center"> <a href="https://github.com/CodesWhat/drydock/releases"><img src="https://img.shields.io/badge/version-1.4.5-blue" alt="Version"></a> <a href="https://github.com/CodesWhat/drydock/pkgs/container/drydock"><img src="https://img.shields.io/badge/GHCR-40K%2B_pulls-2ea44f?logo=github&logoColor=white" alt="GHCR pulls"></a> <a href="https://hub.docker.com/r/codeswhat/drydock"><img src="https://img.shields.io/docker/pulls/codeswhat/drydock?logo=docker&logoColor=white&label=Docker+Hub" alt="Docker Hub pulls"></a> <a href="https://quay.io/repository/codeswhat/drydock"><img src="https://img.shields.io/badge/Quay.io-image-ee0000?logo=redhat&logoColor=white" alt="Quay.io"></a> <br> <a href="https://github.com/orgs/CodesWhat/packages/container/package/drydock"><img src="https://img.shields.io/badge/platforms-amd64%20%7C%20arm64-informational?logo=linux&logoColor=white" alt="Multi-arch"></a> <a href="https://github.com/orgs/CodesWhat/packages/container/package/drydock"><img src="https://ghcr-badge.egpl.dev/codeswhat/drydock/size" alt="Image size"></a> <a href="LICENSE"><img src="https://img.shields.io/badge/license-AGPL--3.0-C9A227" alt="License AGPL-3.0"></a> </p> <p align="center"> <a href="https://github.com/CodesWhat/drydock/stargazers"><img src="https://img.shields.io/github/stars/CodesWhat/drydock?style=flat" alt="Stars"></a> <a href="https://github.com/CodesWhat/drydock/forks"><img src="https://img.shields.io/github/forks/CodesWhat/drydock?style=flat" alt="Forks"></a> <a href="https://github.com/CodesWhat/drydock/issues"><img src="https://img.shields.io/github/issues/CodesWhat/drydock?style=flat" alt="Issues"></a> <a href="https://github.com/CodesWhat/drydock/commits/main"><img src="https://img.shields.io/github/last-commit/CodesWhat/drydock?style=flat" alt="Last commit"></a> <a href="https://github.com/CodesWhat/drydock/commits/main"><img src="https://img.shields.io/github/commit-activity/m/CodesWhat/drydock?style=flat" alt="Commit activity"></a> <br> <a href="https://github.com/CodesWhat/drydock/discussions"><img src="https://img.shields.io/github/discussions/CodesWhat/drydock?style=flat" alt="Discussions"></a> <a href="https://github.com/CodesWhat/drydock"><img src="https://img.shields.io/github/repo-size/CodesWhat/drydock?style=flat" alt="Repo size"></a> <img src="https://komarev.com/ghpvc/?username=CodesWhat-drydock&label=repo+views&style=flat" alt="Repo views"> <a href="https://github.com/veggiemonk/awesome-docker#container-management"><img src="https://awesome.re/mentioned-badge.svg" alt="Mentioned in Awesome Docker"></a> </p> <p align="center"> <a href="https://github.com/CodesWhat/drydock/actions/workflows/ci.yml"><img src="https://github.com/CodesWhat/drydock/actions/workflows/ci.yml/badge.svg?branch=main" alt="CI"></a> <a href="https://www.bestpractices.dev/projects/11915"><img src="https://www.bestpractices.dev/projects/11915/badge" alt="OpenSSF Best Practices"></a> <a href="https://securityscorecards.dev/viewer/?uri=github.com/CodesWhat/drydock"><img src="https://img.shields.io/ossf-scorecard/github.com/CodesWhat/drydock?label=openssf+scorecard&style=flat" alt="OpenSSF Scorecard"></a> <br> <a href="https://app.codecov.io/gh/CodesWhat/drydock"><img src="https://codecov.io/gh/CodesWhat/drydock/graph/badge.svg?token=b90d4863-46c5-40d2-bf00-f6e4a79c8656" alt="Codecov"></a> <a href="https://qlty.sh/gh/CodesWhat/projects/drydock"><img src="https://qlty.sh/gh/CodesWhat/projects/drydock/maintainability.svg" alt="Maintainability"></a> <a href="https://snyk.io/test/github/CodesWhat/drydock?targetFile=app/package.json"><img src="https://snyk.io/test/github/CodesWhat/drydock/badge.svg?targetFile=app/package.json" alt="Snyk"></a> </p> <hr> <h2 align="center">📑 Contents</h2>- 📖 Documentation
- 🚀 Quick Start
- 📸 Screenshots & Live Demo
- ✨ Features
- 🔌 Supported Integrations
- ⚖️ Feature Comparison
- 🔄 Migration
- 🗺️ Roadmap
- 📖 Documentation
- ⭐ Star History
- 🔧 Built With
- 🤝 Community QA
Recommended: use a socket proxy to restrict which Docker API endpoints Drydock can access. This avoids giving the container full access to the Docker socket.
services:
drydock:
image: codeswhat/drydock
depends_on:
socket-proxy:
condition: service_healthy
environment:
- DD_WATCHER_LOCAL_HOST=socket-proxy
- DD_WATCHER_LOCAL_PORT=2375
- DD_AUTH_BASIC_ADMIN_USER=admin
- "DD_AUTH_BASIC_ADMIN_HASH=<paste-argon2id-hash>"
ports:
- 3000:3000
socket-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- CONTAINERS=1
- IMAGES=1
- EVENTS=1
- SERVICES=1
# Add POST=1 and NETWORKS=1 for container actions and auto-updates
healthcheck:
test: wget --spider http://localhost:2375/version || exit 1
interval: 5s
timeout: 3s
retries: 3
start_period: 5s
restart: unless-stopped
docker run -d \
--name drydock \
-p 3000:3000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-e DD_AUTH_BASIC_ADMIN_USER=admin \
-e "DD_AUTH_BASIC_ADMIN_HASH=<paste-argon2id-hash>" \
codeswhat/drydock:latest
</details>Warning: Direct socket access grants the container full control over the Docker daemon. Use the socket proxy setup above for production deployments. See the Docker Socket Security guide for all options including remote TLS and rootless Docker.
Generate a password hash (
argon2CLI — install via your package manager):echo -n "yourpassword" | argon2 $(openssl rand -base64 32) -id -m 16 -t 3 -p 4 -l 64 -eOr with Node.js 24+ (no extra packages needed):
node -e 'const c=require("node:crypto");const s=c.randomBytes(32);const h=c.argon2Sync("argon2id",{message:process.argv[1],nonce:s,memory:65536,passes:3,parallelism:4,tagLength:64});console.log("argon2id$65536$3$4$"+s.toString("base64")+"$"+h.toString("base64"));' "yourpassword"Legacy v1.3.9 Basic auth hashes (
{SHA},$apr1$/$1$,crypt, and plain) are accepted for upgrade compatibility but deprecated (removed in v1.6.0). Argon2id is recommended for all new configurations. Authentication is required by default. See the auth docs for OIDC, anonymous access, and other options. To explicitly allow anonymous access on fresh installs, setDD_ANONYMOUS_AUTH_CONFIRM=true.
The image includes trivy and cosign binaries for local vulnerability scanning and image verification.
See the Quick Start guide for Docker Compose, socket security, reverse proxy, and alternative registries.
<hr> <h2 align="center" id="screenshots">📸 Screenshots & Live Demo</h2> <table> <tr> <td width="50%" align="center"><strong>Light</strong></td> <td width="50%" align="center"><strong>Dark</strong></td> </tr> <tr> <td><img src="docs/assets/drydock-dashboard-light.png" alt="Dashboard Light"></td> <td><img src="docs/assets/drydock-dashboard-dark.png" alt="Dashboard Dark"></td> </tr> </table> <div align="center">Why look at screenshots when you can experience it yourself?
<a href="https://demo.getdrydock.com"><img src="https://img.shields.io/badge/Try_the_Live_Demo-4f46e5?style=for-the-badge&logo=data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgdmlld0JveD0iMCAwIDI0IDI0IiBmaWxsPSJub25lIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCI+PHBvbHlnb24gcG9pbnRzPSI2IDMgMjAgMTIgNiAyMSA2IDMiLz48L3N2Zz4=&logoColor=white" alt="Try the Live Demo" height="36"></a>
Fully interactive — real UI, mock data, no install required. Runs entirely in-browser.
</div> <hr> <h2 align="center" id="features">✨ Features</h2> <table> <tr> <td align="center" width="33%"> <h3>Container Monitoring</h3> Auto-detect running containers and check for image updates across registries </td> <td align="center" width="33%"> <h3>20 Notification Triggers</h3> Slack, Discord, Telegram, Teams, Matrix, SMTP, MQTT, HTTP webhooks, Gotify, NTFY, and more </td> <td align="center" width="33%"> <h3>23 Registry Providers</h3> Docker Hub, GHCR, ECR, GCR, GAR, GitLab, Quay, Harbor, Artifactory, Nexus, and more </td> </tr> <tr> <td align="center"> <h3>Docker Compose Updates</h3> Auto-pull and recreate services via Docker Engine API with YAML-preserving service-scoped image patching </td> <td align="center"> <h3>Distributed Agents</h3> Monitor remote Docker hosts with SSE-based agent architecture </td> <td align="center"> <h3>Audit Log</h3> Event-based audit trail with perRelated Skills
node-connect
339.3kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
prose
339.3kOpenProse VM skill pack. Activate on any `prose` command, .prose files, or OpenProse mentions; orchestrates multi-agent workflows.
frontend-design
83.9kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
Writing Hookify Rules
83.9kThis skill should be used when the user asks to "create a hookify rule", "write a hook rule", "configure hookify", "add a hookify rule", or needs guidance on hookify rule syntax and patterns.
